Top

Published in:

2018 | OriginalPaper | Chapter

Security Analysis and Improvements of Three-Party Password-Based Authenticated Key Exchange Protocol

Authors : Qingping Wang, Ou Ruan, Zihao Wang

Published in: Advances in Internetworking, Data & Web Technologies

Publisher: Springer International Publishing

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

Three-party password-based authenticated key exchange (3PAKE) protocol allows two clients, each sharing a password with a trusted server, to establish a secret session key with the help of the server. It is a practical mechanism for establishing secure channels in the communication networks. Recently, Xu et al. proposed a 3PAKE protocol without the server’s public key. They claimed that their protocol could withstand various attacks. In this paper, we show Xu et al.’s protocol is insecure against the stolen-verifier attack. Furthermore, we propose an improved 3PAKE protocol to overcome the weakness of Xu et al.’s protocol. Security and performance analysis shows that our protocol not only overcomes the security weakness, but also is more efficient. Therefore, our protocol is more suitable for the practical applications.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

previous chapter Compressed Video Sensing with Multi-hypothesis Prediction

next chapter A Combined Security Scheme for Network Coding

Bellovin, S.M., Merritt, M.: Encrypted key exchange: password based protocols secure against dictionary attacks. In: Proceedings of IEEE Symposium on Research in Security and Privacy, pp. 72–84 (1992)

Ruan, O., Kumar, N., He, D.B., Lee, J.H.: Efficient provably secure password-based explicit authenticated key agreement. Pervasive Mob. Comput. 24(12), 50–60 (2015)CrossRef

Yi, X., Rao, F.Y., Tari, Z., Hao, F.: ID2S password-authenticated key exchange protocols. IEEE Trans. Comput. 65, 1–14 (2016)MathSciNetMATH

Lu, Y., Zhang, Q., Li, J., Shen, J.: Comment on a certificateless one-pass and two-party authenticated key agreement protocol. Inf. Sci. 369, 184–187 (2016)CrossRef

Zhang, L.: Certificateless one-pass and two-party authenticated key agreement protocol and its extensions. Inf. Sci. 293(1), 182–195 (2015)CrossRefMATH

Farash, M.S., Islam, S.H., Obaidat, M.S.: A provably secure and efficient two-party password-based explicit authenticated key exchange protocol resistance to password guessing attacks. Concurrency Comput. Prac. Experience 27(17), 4897–4913 (2015)CrossRef

Xie, Q., Dong, N., Tan, X., et al.: Improvement of a three-party password-based key exchange protocol with formal verification. Inf. Technol. Control 42(3), 231–237 (2013)

Chang, C.-C., Cheng, Y.-F.: A novel three-party encrypted key exchange protocol. Comput. Stan. Interfaces 26(5), 471–476 (2004)CrossRef

Lee, T.-F., Hwang, T., Lin, C.-L.: Enhanced three-party encrypted key exchange without server public keys. Comput. Secur. 23, 571–577 (2004)CrossRef

10.

Lin, C.-L., Sun, H.-M., Hwang, T.: Three-party encrypted key exchange: attacks and a solution. ACM Operating Syst. Rev. 34(4), 12–20 (2000)CrossRef

11.

Sun, H.-M., Chen, B.-C., Hwang, T.: Secure key agreement protocols for three-party against guessing attacks. J. Syst. Softw. 75(1–2), 63–68 (2005)CrossRef

12.

Islam, S.H.: Design and analysis of a three party password-based authenticated key exchange protocol using extended chaotic maps. Inf. Sci. 312(C), 104–130 (2015)MathSciNetCrossRef

13.

Amin, R., Biswas, G.P.: Cryptanalysis and design of a three-party authenticated key exchange protocol using smart card. Arab. J. Forence Eng. 40(11), 1–15 (2015)MathSciNet

14.

Lu, C.F.: Multi-party password-authenticated key exchange scheme with privacy preservation for mobile environment. Ksii Trans. Internet Inf. Syst. 9(12), 5135–5149 (2015)

15.

Nam, J., Paik, J., Kim, J., Lee, Y., Won, D.: Server-aided password-authenticated key exchange: from 3-party to group. In: International Conference on Human Interface & The Management of Information, vol. 6771, pp. 339–348 (2011)

16.

Ding, Y., Horster, P.: Undetectable on-line password guessing attack. ACM SIGOPS Operating Syst. Rev. 29(4), 77–86 (1995)CrossRef

17.

Lee, S.W., Kim, H.S., Yoo, K.Y.: Efficient verifier-based key agreement protocol for three parties without server’s public key. Appl. Math. Comput. 167(2), 996–1003 (2005)MathSciNetMATH

18.

Wang, R.C., Mo, K.R.: Security enhancement on efficient verifier-based key agreement protocol for three parties without server’s public key. Int. Math. Forum 1(17–20), 965–972 (2006)MathSciNetCrossRefMATH

19.

Kwon, J.O., Jeong, I.R., Sakurai, K., et al.: Efficient verifier-based password-authenticated key exchange in the three-party setting. Comput. Stand. Interfaces 29(5), 513–520 (2007)CrossRef

20.

Li, W., Wen, Q., Zhang, H.: Verifier-based password-authenticated key exchange protocol for three-party. J. Commun. 29(10), 149–152 (2008)

21.

Xu, et al.: Efficient three-party password-based authenticated key exchange protocol. J. Univ. Electron. Sci. Technol. China 41(4), 596–598 (2012)MathSciNet

22.

Lee, S.W., Kim, W.H., Kim, H.S., et al.: Efficient password-based authenticated key agreement protocol. Lecture Notes in Computer Science, pp. 617–626 (2004)

23.

Dolev, D., Yao, A.C.: On the security of public key protocols. IEEE Trans. Inf. Theory 29, 198–208 (1983)MathSciNetCrossRefMATH

Title: Security Analysis and Improvements of Three-Party Password-Based Authenticated Key Exchange Protocol
Authors: Qingping Wang
Ou Ruan
Zihao Wang
Publisher: Springer International Publishing
Book: Advances in Internetworking, Data & Web Technologies
Print ISBN: 978-3-319-59462-0

Electronic ISBN: 978-3-319-59463-7

Copyright Year: 2018
DOI: https://doi.org/10.1007/978-3-319-59463-7_49

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Premium Partner